[...]... signatures, and MACs, which form the basis of DNS security implementations, is provided for readers unfamiliar with this topic Chapter 11, “DNSSEC” This chapter deals exclusively with the latest DNSSEC.bis security standards and covers both the theory and implementation Zone signing, chains of trust, Zone Signing Keys and Key Signing Keys, DNSSEC Lookaside Validation (DLV), and key-rollover procedures... 14, BIND APIs and Resolver Libraries” Designed more for programmers and designers, you will need a reasonable understanding of C to make sense of this chapter The new BIND Simple Database API and the original BIND RES library are covered, together with an overview of the current status of DNS- related POSIX interfaces Chapter 15, DNS Messages and Records” This chapter covers the gory details of DNS. .. DNSSEC (DNSSEC.bis) standards and a major functional upgrade from previous BIND 9 releases If you run or administer a DNS system, are thinking about running a DNS system, need to upgrade to support IPv6 DNS, need to secure a DNS for zone transfer, dynamic update, or other reasons, need to implement DNSSEC, or simply want to understand the DNS system, then this book is designed to provide you with a single... with dig and nslookup—to get out and explore the Internet using these tools A practical example is used to illustrate to some diagnostics techniques and procedures Chapter 10, DNS Secure Configurations” DNS security is broken into four parts: administrative security, securing zone transfers, securing dynamic update, and DNSSEC An overview of general cryptographic processes including symmetric and asymmetric... high levels of security Netwidget uses BIND, NSD, DHCP Apache, Squid, ProFTP Samba, Courier e-mail, , , OpenLDAP and OpenSSL, among many other high-quality packages, and is developed in a , mixture of C and Ruby Zytrax supports its own and customer-hosted DNS, web, e-mail, and LDAP services on a mixed network of Windows, Linux, and, increasingly, FreeBSD systems, and has been an Open Source user since... introduced with the BIND 9 series 4940fm_final.qxd 7/8/05 2:42 PM Page xxix sINTRODUCTION Chapter 5, DNS and IPv6” Chapter 5 focuses on IPv6 and the DNS features that support this increasingly widespread protocol A brief overview of IPv6 address structure and notation is provided for those currently unfamiliar with this topic Chapter 6, “Installing BIND This chapter covers the installation of BIND on Linux... requirements Chapter 8, “Common DNS Tasks” A number of standard DNS configurations are described and illustrated with sample files and implementation notes The items covered include delegation of subdomains, load balancing, fixing sequence errors, delegation of reverse subnets, SPF records, and the use of wildcards Chapter 9, DNS Diagnostics and Tools” The major utilities supplied with a BIND distribution, including... CHAPTER 15 DNS Messages and Records 507 DNS Message Formats 509 DNS Message Overview 511 DNS Message Format 513 DNS Message Header 513 DNS QUESTION SECTION 516 DNS ANSWER, AUTHORITY, and ADDITIONAL... secure DNS (DNSSEC) implementations But the background information is there for those times when you not only need to know what to do, but you also need to know why you are doing it, and how you can modify the process to meet your unique needs Who This Book Is For This book is about running DNS systems based on BIND 9.3.0—the first stable release that includes support for the latest DNSSEC (DNSSEC.bis)... 219 dnssec-signzone Utility 219 dnssec-signzone Syntax 220 dnssec-signzone Options 220 dnssec-signzone Examples 222 Diagnosing DNS Problems 223 Before the Problem Happens 224 When the Problem . h0" alt="" Pro DNS and BIND Ron Aitchison 4940fm_final.qxd 7/8/05 2:42 PM Page i Pro DNS and BIND Copyright © 2005 by Ron Aitchison All rights reserved. No part of this work may be reproduced or. A GLANCE v PART 5 ■ ■ ■ Programming ■CHAPTER 14 BIND APIs and Resolver Libraries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475 ■CHAPTER 15 DNS Messages and Records . . . . . . . . . . . 155 ■CHAPTER 9 DNS Diagnostics and Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 PART 3 ■ ■ ■ DNS Security ■CHAPTER 10 DNS Secure Configurations